AI Anomaly Correlation

Eight proprietary ML models detect slow-moving, cross-domain anomalies across your entire stack — from silicon to semantic — without pre-configured rules. Then correlate them to surface root causes that siloed monitoring tools will never find.

Monitoring tools only see their own slice

Splunk sees security logs. Datadog sees APM traces. Your network tools see packets. Each one alerts within its own domain — and misses everything between.

The hardest problems are cross-domain. A GPU memory leak manifests as model inference degradation. A network flapping event causes application timeouts. A container resource limit change triggers database contention three layers away. These causal chains are invisible to any tool that only watches one slice.

FFWD sees them all simultaneously — because it sits at the aggregation point where telemetry from every layer converges before reaching downstream systems.

The Marker Concept

FFWD describes your system's operational state through markers — features auto-extracted from raw logs and metrics. Some are explicit (CPU temperature, error codes, response times). Others are implicit (log structure patterns, event sequences, semantic fingerprints, rate profiles).

Each marker is a clue. Individually, a marker may mean nothing. Correlated across domains and tracked over time, markers reveal the slow-moving, non-obvious anomalies that rule-based alerts miss entirely.

Eight Proprietary AI and ML Models

  • Structure — Detects when log patterns shift from established baselines

  • Sequence — Detects unusual event ordering and unexpected execution paths

  • Semantic Similarity — Detects novel, never-before-seen log lines by meaning

  • Content Similarity — Detects drift in prompt/response behaviour over time

  • Numeric Clustering — Detects out-of-range values and novel numeric patterns

  • Categorical Drift — Detects distribution shifts in discrete field values

  • Spike Analysis — Detects volume anomalies and traces spikes to specific log lines

  • Time-Series Forecasting — Predicts expected behaviour with confidence bands using transformer-based models

Cross-Domain Correlation: Where Root Causes Surface

Individual anomaly scores tell you something is unusual. Correlation tells you why.

FFWD measures timing relationships between anomalous markers across unrelated systems using Spearman rank correlation and wavelet analysis — revealing causal chains that span infrastructure, network, application, and AI workload layers.
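The Spearman part of that idea, as an added illustration that is not FFWD's code: a lagged rank correlation that finds how many buckets one marker's anomaly score trails another's. The marker names, the scores and the 5-minute bucket size are constructed sample data, and wavelet analysis is not covered.

```python
import math

def ranks(values):
    """Return 1-based ranks, giving tied values their average rank."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    out = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        avg = (i + j) / 2 + 1  # average of the 1-based positions i+1 .. j+1
        for k in range(i, j + 1):
            out[order[k]] = avg
        i = j + 1
    return out

def spearman(x, y):
    """Spearman rho: Pearson correlation computed on the rank vectors."""
    rx, ry = ranks(x), ranks(y)
    n = len(rx)
    mx, my = sum(rx) / n, sum(ry) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    vx = sum((a - mx) ** 2 for a in rx)
    vy = sum((b - my) ** 2 for b in ry)
    if vx == 0 or vy == 0:
        return 0.0  # a constant series carries no rank information
    return cov / math.sqrt(vx * vy)

def best_lag(leader, follower, max_lag):
    """Return (lag, rho) for the lag at which follower best tracks leader."""
    best = (0, spearman(leader, follower))
    for lag in range(1, max_lag + 1):
        # Pair leader[t] with follower[t + lag].
        rho = spearman(leader[:-lag], follower[lag:])
        if rho > best[1]:
            best = (lag, rho)
    return best

# Constructed anomaly scores, one value per 5-minute bucket (hypothetical markers).
gpu_mem = [0.1, 0.1, 0.2, 0.5, 0.3, 0.8, 0.6, 0.9, 0.4, 0.7, 0.2, 0.1]
inference = [0.0, 0.1, 0.1, 0.1, 0.2, 0.5, 0.3, 0.8, 0.6, 0.9, 0.4, 0.7]

lag, rho = best_lag(gpu_mem, inference, max_lag=4)
print(f"inference trails gpu_mem by {lag} buckets ({lag * 5} min), rho={rho:.2f}")
```

A high rho at a non-zero lag shows that one marker consistently moves after another; it is evidence for a triage hypothesis, not proof of causation.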

Anomaly Journals record marker scores, correlations, and symptomatic log evidence at 5-minute, hourly, and daily intervals with 30-day rolling history. Trend analysis and symptom suppression learn known benign conditions over time — reducing noise without losing sensitivity.

Root-Cause Advisory

FFWD synthesises anomaly findings into natural language advisory reports — powered by your choice of LLM (Claude, GPT, Gemini, Grok, or on-prem models).

Each report covers: symptoms detected, probable root causes, remedies, and the specific symptomatic log lines as evidence. Delivered daily and hourly. Available to human operators through the FFWD UI, or directly to AI agents via MCP.

An AI chat interface lets operators navigate markers, correlations, and evidence conversationally — no query language required.

Model Context Protocol (MCP) Integration

FFWD's built-in MCP server exposes anomaly detection data, correlation reports, anomaly journals, and symptomatic log evidence directly to AI agents. Use Claude, Copilot, GPT, or any MCP-compatible agent to troubleshoot issues, navigate correlations, or run deeper analysis.

Beyond detection outputs, the FFWD MCP server exposes raw logs and metrics for free-form queries — AI agents can dig deeper when they need to, running their own analysis against your telemetry database. Enterprise-grade ReBAC permissions ensure multi-tenant access control. All within your security perimeter.

Private Deployment

FFWD Anomaly Correlation runs entirely within your environment. On-premises, private cloud, or air-gapped — your telemetry never leaves your security perimeter. No SaaS dependencies. No data sovereignty concerns. All eight ML models train and run locally on your infrastructure.

Multi-tenant architecture lets you run FFWD as private SaaS — serving multiple business units from a single deployment with full data isolation.